Secure placement of centralized media controller application in mobile access terminal
A mobile access terminal (MAT) for use in an internet protocol multimedia system (IMS). The mobile access terminal comprises a first region of memory, a device application stored in the first region of memory, a second region of memory that implements a trusted security sector, and a centralized media controller application stored in the trusted security sector. The centralized media controller application is mated and paired with an incident internet protocol multimedia system network and wherein the centralized media controller application authenticates the device application and provides the device application with communications connectivity with the incident internet protocol multimedia system network.
Latest Sprint Communications Company L.P. Patents:
- Electronic subscriber identity module (eSIM) transfer via activation code
- Method and system for sensing-data collection and transport from Minimization-of-Drive Tests device
- Fifth generation (5G) edge application authentication
- System and method of access point name (APN) dynamic mapping
- Internet of Things communication service
This application is a continuation in part of U.S. patent application Ser. No. 12/486,873, filed Jun. 18, 2009, entitled “Mobile Access Terminal with Local Call Session Control Function,” by Paczkowski, et al., which is incorporated herein by reference in its entirety.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENTNot applicable.
REFERENCE TO A MICROFICHE APPENDIXNot applicable.
BACKGROUNDMobile access terminals (MATs) are known in a wide variety of forms including mobile phones, personal digital assistants (PDAs), wireless enabled laptop computers, wireless enabled notebook computers, and others. As semiconductor technology advances, producing ever more powerful logic processors, and as wireless networks evolve to higher data throughput rates, the functionality that can be provided from mobile access terminals becomes more powerful. The internet protocol multimedia system (IMS) communications architecture has become a common core of the communications networks.
SUMMARYIn an embodiment, a mobile access terminal for use in an internet protocol multimedia system is disclosed. The mobile access terminal comprises a first region of memory, a device application stored in the first region of memory, a second region of memory that implements a trusted security sector, and a centralized media controller application stored in the trusted security sector. The centralized media controller application is mated and paired with an incident internet protocol multimedia system network and wherein the centralized media controller application authenticates the device application and provides the device application with communications connectivity with the incident internet protocol multimedia system network.
In an embodiment, a mobile access terminal for use in an internet protocol multimedia system is disclosed. The mobile access terminal comprises a first memory chip, a first device application stored in the first memory chip, a second memory chip that implements a trusted security sector, and a trust exchange service stored in the trusted security sector. The mobile access terminal further comprises a centralized media controller application stored in the trusted security sector, wherein the centralized media controller application is mated and paired with an incident internet protocol multimedia system network and wherein the centralized media controller application receives internet protocol multimedia system access client requests from the first device application via trust exchange service, authenticates the first device application, and provides the first device application with communications connectivity with the incident internet protocol multimedia system network.
A method of establishing a device to device wireless voice call is disclosed. The method comprises receiving a voice call origination request by a centralized media controller application, where the centralized media controller application executes in a trusted security sector of a first mobile access terminal, where the called party designated by the voice call origination request is a second mobile access terminal, wherein the first mobile access terminal is coupled to a micro network. The method further comprises determining by the centralized media controller application using the session initiation protocol (SIP) presence function that the second mobile access terminal is accessible in the micro network. The method further comprises establishing by the centralized media controller application a voice communication channel between the first mobile access terminal and the second mobile access terminal using wireless links provided by the micro network, wherein the wireless links do not involve a base transceiver station (BTS).
These and other features will be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings and claims.
For a more complete understanding of the present disclosure, reference is now made to the following brief description, taken in connection with the accompanying drawings and detailed description, wherein like reference numerals represent like parts.
It should be understood at the outset that although illustrative implementations of one or more embodiments are illustrated below, the disclosed systems and methods may be implemented using any number of techniques, whether currently known or not yet in existence. The disclosure should in no way be limited to the illustrative implementations, drawings, and techniques illustrated below, but may be modified within the scope of the appended claims along with their full scope of equivalents.
In an embodiment, a mobile access terminal (MAT) comprises a trusted security sector that is an execution and/or memory region providing enhanced security. The trusted security sector may interact with other applications and/or features executing and/or stored on the mobile access terminal, outside of the trusted security sector in what may be referred to as a permissive sector, via the mediation of a trust exchange service. For example, a centralized media controller application stored and executed in the trusted security sector of the mobile access terminal may provide a variety of communication network services to device applications executing in the permissive sector of the mobile access terminal that would normally be provided by communication servers located behind a firewall in a communication service provider network.
In an embodiment, the centralized media controller application provides internet protocol multimedia system (IMS) proxy services. In an embodiment, the centralized media controller application may implement one or more extracted call session control function (CSCF) server applications that provides a reduced set of CSCF server functionality. The centralized media controller application may encapsulate highly confidential information that a service provider would not want to be readily hacked into by electronic criminals. By storing and executing the centralized media controller application in the trusted security sector, the vulnerability of the centralized media controller application to hacking or other security breaches is reduced.
In an embodiment, the mobile access terminal promotes a near field communication transceiver of the mobile access terminal engaging in session initiation protocol (SIP) message exchanges to establish new communication scenarios. For example, a mobile access terminal may download a door scanner application and associated credentials in preparation for visiting a new office. When the mobile access terminal is presented at the office building door scanner, the near field communication transceiver queries the door scanner application that was down loaded to the mobile access terminal to obtain electronic credentials, and then provides the needed electronic credentials to the office building door scanner to pass through the door. The door scanner application downloaded to the mobile access terminal, triggered by the interaction with the near field communication transceiver, sends a SIP invite message to the centralized media controller application on the mobile access terminal to retrieve media content via the macro cellular network, for example media content that provides graphical information for finding the correct floor and the correct room for a scheduled meeting. Additionally, the SIP invite message sent to the centralized media controller application on the mobile access terminal may request the centralized media controller application to establish a media stream to download documents related to a meeting to a laptop computer belonging to the user of the mobile access terminal.
As another example, the near field communication transceiver of the mobile access terminal may complete a payment transaction at a point-of-sale terminal, and the point-of-sale terminal may send a SIP invite via the macro cellular network to the centralized media controller application to play a video, for example a promotional message, on a display of the mobile access terminal while the payment transaction is completed.
In an embodiment, an extracted CSCF server application—which may be a component or portion of the centralized media controller application—may promote a user-to-user communication mode that unloads the macro cellular network. For example, in the presence of a femtocell, a calling application on a first mobile access terminal may attempt to originate a call to a second mobile access terminal, when both the first and second mobile access terminal are in the coverage of the femtocell. The extracted CSCF server application can send out a SIP invite message to the second mobile access terminal and determine that the second mobile access terminal is receiving coverage from the same femtocell that is providing coverage to the first mobile access terminal. In this case, the extracted CSCF server can set up the bearer channel to route the communication traffic between the two mobile access terminals directly through the femtocell—a device to device communication mode—and bypass the macro cellular network, thereby conserving the resources of the macro cellular network.
Turning now to
In an embodiment, the system 500 comprises a network 531. The network 531 may be a private network, a public network, or a combination thereof. The network 531 may promote voice communications and data communications. Portions of the network 531 may provide an IMS network. The mobile access terminal 502 may couple to the network 531 by a variety of communication paths. The mobile access terminal 502 may communicate with a base transceiver station 532 via a wireless link according to any of a variety of wireless communications protocols, including but not limited to code division multiple access (CDMA), long-term evolution (LTE), worldwide interoperability for microwave access (WiMAX), global system for mobile communications (GSM), or other wireless communication protocol. The wireless link between the mobile access terminal 502 and the base transceiver station 532 may couple the mobile access terminal 502 to the network 531.
In an embodiment, the mobile access terminal 502 may communicate with a point-of-sale (POS) terminal 530 using the near field communication transceiver 514 based on a short range wireless communication protocol, and the point-of-sale terminal 530 may couple the mobile access terminal 502 to the network 531. In an embodiment, the mobile access terminal 502 may communicate with a door scanner via the near field communication transceiver 514 based on a short range wireless communication protocol. In an embodiment, the mobile access terminal 502 may communicate with a femtocell 540 via a wireless link according to any of a variety of wireless protocols, including but not limited to code division multiple access (CDMA), long-term evolution (LTE), worldwide interoperability for microwave access (WiMAX), global system for mobile communications (GSM), or other wireless communication protocol.
In an embodiment, the femtocell 540 may couple the mobile access terminal 502 to a second mobile access terminal 542. In some contexts, this may be referred to as device-to-device communication, from the point of view that the traffic does not need to pass over the network 531. A femtocell, as known to those skilled in the art, may be a small cellular base station that may be designed for use in a home or small business. The femtocell provides wireless links, for example to mobile phones within its relatively small coverage area, according to standard cellular wireless protocols and couples these links, if needed, over a wired link to the core network or a service provider's network, for example the network 531. A femtocell, for example the femtocell 540, may be said to provide a micro cellular network to mobile access terminals within its small coverage area. The coverage area of base transceiver stations such as the base transceiver station 532 may be referred to as part of the macro cellular network. The femtocell 540 may extend cellular wireless coverage to dead zones or zones of poor macro cellular wireless coverage, for example to improve wireless coverage indoors. Some further details of communications scenarios enabled by loading the centralized media controller application 506 in the trusted security sector 504 and/or on the mobile access terminal 502 are discussed hereinafter.
As is known to those of skill in the art, a secure element (SE) may be a specialized semiconductor device and/or semiconductor chip that is designed to thwart attempts to reverse engineer the secure element or to physically slice and examine the secure element under a microscope. In an embodiment, the secure element 516 may be provided in a separate first memory chip. This semiconductor technology may be employed to store confidential information such as financial account balances, fund balances, and/or electronic money. The secure element 516 may allow only a limited number of applications to access the secure element 516 and/or may limit the functions that may be initiated by applications. In an embodiment, the near field communication transceiver 514 may be coupled to the secure element 516 to promote secure payment interactions between a fund stored in the secure element 516 and the point-of-sale terminal 530.
In an embodiment, the trusted security sector 504 may be provided in a secure area of a memory chip shared with the permissive sector 508 or in a separate memory chip. In an embodiment, the trusted security sector 504 may share the first memory chip with the secure element 516. Alternatively, the trusted security sector 504 may be provided in a separate second memory chip. The trusted security sector 504 may be provided as what may be conceptualized as “invisible space.” In an embodiment, at least some of the memory addresses occupied by the trusted security sector 504 may be inaccessible to device applications 510 executing out of permissive sector 508. This demarcation of accessible memory addresses versus inaccessible memory addresses may be provided by the operating system of the mobile access terminal 502. In an embodiment, the trusted security sector 504 may encapsulate a trusted execution environment (TEE), for example conforming at least partially to the Global Platform 2.0 or later revision trusted execution environment standard. It is understood, however, that the trusted security sector 504 is contemplated to provide further functionality than that envisioned by the trusted execution environment standards.
In an embodiment, a trust exchange service 512 is provided in the trusted security sector 504. The trust exchange service 512 may be conceptualized as bridging between the permissive sector 508 and the trusted security sector 504. The trust exchange service 512 promotes secure interactions between the applications executing in the permissive sector 508 and applications executing in the trusted security sector. The security may be provided using one or more techniques. For example, the trust exchange service 512 may pause a plurality of execution threads when initiating an interaction with the trusted security sector 504, for example while handling a request for service from the centralized media controller application 506. This feature may reduce the opportunity that other threads may sniff of otherwise seek to intrude on the operation. For example, the trust exchange service 512 may impose a criteria that all communication between the permissive sector 508 and the trusted security sector 504 be conducted using data that is transformed according to protocols of the trusted security sector 504, for example using encryption and/or using hashing. The trust exchange service 512 may also hide address space in the trusted security sector 504 and/or make the address space inaccessible to the permissive sector 508 without the mediation of the trust exchange service 512.
In an embodiment, the trust exchange service 512 may be implemented in part as a session initiation protocol (SIP) back-to-back user agent (UA). A SIP back-to-back UA may comprise a first SIP user agent facing the device applications 510 and/or receiving client requests from the device applications 510. The SIP back-to-back UA further comprises a second SIP user agent facing the centralized media controller application 506 and transmitting allowed client requests to the centralized media controller application 506 that are forwarded to the second SIP user agent by the first SIP user agent. The first SIP user agent may act as a gate keeper to determine whether a client request may or may not be forwarded on to the second SIP user agent. In another embodiment, however, the trust exchange service 512 may not comprise a SIP back-to-back UA.
In an embodiment, the first SIP user agent of the SIP back-to-back UA provides a first interface that receives a first SIP request from the device application 510. The first SIP user agent reformulates the first SIP request as a second SIP request and sends the second SIP request to a second interface provided by the second SIP user agent of the SIP back-to-back UA. The second SIP user agent transmits the second SIP request to the centralized media controller application 506. The centralized media controller application 506 may then manage the SIP request to provide an IMS communication link for the requesting device application 510. By this sequence of actions, the SIP back-to-back UA protects the centralized media controller application 506 from the device application 510. If, for example, a malicious message was transmitted by the device application 510 to the SIP back-to-back UA, it is expected that the malicious message would be detected or corrected and the associated SIP request would not propagate through unchanged to the centralized media controller application 506. This functionality may be said to provide trusted SIP interactions between the device applications 510 and the centralized media controller application 506.
The device applications 510 may be any of a variety of applications. One of the device applications 510 may be a telephone application that receives dialed digits and attempts to originate a voice call—for example a voice over IP (VoIP) call—to a called telephone. One of the device applications 510 may be a web browser application that requests content from the network 531, for example by sending out a hypertext transport protocol (HTTP) message embedding a universal reference locator (URL). One of the device applications 510 may be a media player that requests streaming media from the network 531. In an embodiment, a building visit device application 510 may be temporarily installed and later removed or self-invalidated after a predefined duration of a visit. Such a building visit device application may support providing electronic credentials to access the building via a door scanner as well as supporting other visit services. Many of the device applications 510 may depend upon communication service provided by an IMS network to deliver their functionality to an end user of the mobile access terminal 502.
As is known to one skilled in the art, client requests for media and/or communication services delivered by an IMS network are typically received and handled by one or more call session control function (CSCF) servers. The CSCF servers may provide a variety of different functions and interwork with a large number of client media requests of different types or different scenarios. The CSCF functionality may be partitioned and distributed to a proxy-CSCF server, an interrogating-CSCF server, and a serving-CSCF server. These three servers may be provided as applications that each execute on different computers or computer systems. Alternatively, two or more of these servers may be provided as applications that execute on the same computer or computer system.
It is a teaching of the present disclosure that an extracted CSCF server application, the centralized media controller application 506, may be executed in the trusted security sector 504 of the mobile access terminal 502, thereby promoting a plurality of new communications scenarios. This can unload some of the processing of the CSCF servers in the network 531. This can reduce demand for network resources. This can reduce the latency experienced by device applications 510 when requesting communications services from the IMS network. This can promote ease of testing new device applications 510 and their interactions with the IMS network. The centralized media controller application 506 may provide some functionality of one or more of a proxy-CSCF server, an interrogating-CSCF server, and a serving-CSCF server. In an embodiment, a proxy-CSCF server application functionality of the centralized media controller application 506 may act as a proxy to the service provider IMS network proxy-CSCF server application.
An extracted CSCF server application provides a sub-set of the functionality provided by a full CSCF server application executing behind a firewall in a service provider's IMS core network. Using other words, an extracted CSCF server application provides reduced functionality with reference to a full CSCF server application executing behind a firewall in a service provider's IMS core network. When developing the firmware and/or software load for the mobile access terminal 502, a relatively small subset of the full-up functionality of a CSCF server application executing in the service provider's IMS network can be identified as sufficient to support the limited needs of the mobile access terminal 502.
In an embodiment, this subset of full-up CSCF server application functionality may be delivered as a library of software and/or firmware components. Because the centralized media controller application 506 encapsulates and provides an extract of the full-up IMS CSCF server applications that execute behind the service provider's firewall in their IMS core network, and because the centralized media controller application 506 receives client requests only from applications executing on the mobile access terminal 502, the authentication protocols used to access the IMS network may be changed. For example, the diameter protocol and/or the remote authentication dial in user service (RADIUS) protocol that provides an authorization, authentication, and accounting (AAA) framework may be modified for use by the extracted centralized media controller application 506. For example, the RADIUS protocols may comprise more than thirty different individual protocols that may be categorized into charging protocols, rating protocols, mediation protocols, etc.
By placing the centralized media controller application 506 in the trusted security sector 504, the centralized media controller application 506 may be protected from malicious attempts to discover privileged security information about the network 531, for example to reverse engineer some of the operating parameters and/or secure information used by CSCF server applications running in the service provider IMS network. In an embodiment, placing the centralized media controller application 506 in the trusted security sector 504 prevents or makes more difficult a hacker backwards manipulating the IMS network of a service provider via the centralized media controller application 506.
In an embodiment, the centralized media controller application 506 acts on behalf of a device application 510 to invite it to a SIP session and conducts authentication by proxy at the relatively high speed of chip instruction execution on the mobile access terminal 502 versus at the relatively low speed of performing the authentication over the network 531. The centralized media controller application 506 is mated and paired with an incident IMS network and provides communications connectivity, for example IMS communications connectivity, between the device applications 510 and the incident IMS network, for example at least a portion of network 531.
In an embodiment, the mobile access terminal 502 may be used to complete a purchase of goods or services via the point-of-sale terminal 530. The purchase may be effected by a communication between the near field communication transceiver 514 and the point-of-sale terminal 530 and may involve the secure element 516 transferring funds to pay for the goods or services, for example debiting a bank account associated with a user of the mobile access terminal 502 and mediating the transfer of those funds to a bank account associated with the point-of-sale terminal 530, for example a bank account associated with a grocery store. The near field communication transceiver 514 may receive a triggering signal from the point-of-sale terminal 530 during such a purchase transaction that indicates to the mobile access terminal 502 to expect a SIP invite message to arrive from the network 531. The near field communication transceiver 514 may pass this information or triggering signal on to the centralized media controller application 506 or to the SIP back-to-back UA 512.
The point-of-sale terminal 530 may transmit a message to a local area network to which it is coupled to cause some media content, for example a video clip, to be transmitted to the mobile access terminal 502 via a communications link that promotes higher bandwidth than that of the near field communication wireless link between the point-of-sale terminal 530 and the near field communication transceiver 514. This communication is effected via the IMS network portion of the network 531 by a SIP invite message being sent to the mobile access terminal 502 and to the centralized media controller application 506. Because the centralized media controller application 506 has been pre-notified to expect such a SIP invite message, the centralized media controller application 506 accepts the SIP invite message, and the video clip is transmitted to a suitable device application 510 which plays a video promotion on the display of the mobile access terminal 502 while the purchase of goods or services is being completed.
In an embodiment, the near field communication transceiver 514 may communicate with the door scanner 533 to provide secure credentials for accessing a building or a secure area. The mobile access terminal 502 may access a web site associated with a secured building in advance of a planned visit and download and install a device application 510 that is a door scanner application or provides functionality for visitors to the secure building. When the mobile access terminal 502 is presented at the door scanner 533, the near field communication transceiver 514 queries the device application 510 door scanner application that was downloaded to the mobile access terminal 502 to obtain electronic credentials, and then provides the needed electronic credentials to the door scanner 533 to pass through the door. The device application 510 door scanner application downloaded to the mobile access terminal 502, triggered by the interaction with the near field communication transceiver 514, sends a SIP invite message to the centralized media controller application 506 to retrieve media content via the macro cellular network and/or via the base transceiver station 532, for example media content that provides graphical information for finding the correct floor and the correct room for a scheduled meeting. Additionally, the SIP invite message sent to the centralized media controller application 506 may request the centralized media controller application 506 to establish a media stream to download documents related to a meeting to a laptop computer belonging to the user of the mobile access terminal 502.
In an embodiment, the device application 510 may originate a voice call to the second mobile access terminal 542. As part of this process, a SIP invite may be sent from the mobile access terminal 502 by the centralized media controller application 506 to the femtocell 540. The femtocell 540 is aware of the presence of the second mobile access terminal 542 and chooses to directly connect a voice channel between the mobile access terminal 502 and the second mobile access terminal 542, for example a VoIP channel. This may be referred to as a device-to-device communication link 544. This kind of new communication mode can save network resources, as it is not necessary for the femtocell 540 to create a link with the network 531 to couple the mobile access terminal 502 to the network 531 and it is not necessary for the femtocell 540 to create a link with the network 531 to couple the second mobile access terminal 542 to the network 531.
Turning now to
At block 604, the centralized media control application using the session initiation protocol (SIP) presence function determines that the second mobile access terminal is accessible in the micro network. For example, in an embodiment, the centralized media controller application 506 determines that the second mobile access terminal 542 is receiving wireless coverage from the femtocell 540. At block 606, the centralized media controller application establishes a voice communication channel between the first mobile access terminal and the second mobile access terminal using wireless links provided by the micro network, wherein the wireless links do not involve a base transceiver station. For example, in an embodiment, the centralized media controller application 506 establishes a voice communication bearer between the mobile access terminal 502 and the second mobile access terminal 542 via wireless links provided by the femtocell 540. The communication bearer may not comprise any communication links in the network 531 or between the femtocell 540 and the network 531.
It is understood that by programming and/or loading executable instructions onto the computer system 780, at least one of the CPU 782, the RAM 788, and the ROM 786 are changed, transforming the computer system 780 in part into a particular machine or apparatus having the novel functionality taught by the present disclosure. It is fundamental to the electrical engineering and software engineering arts that functionality that can be implemented by loading executable software into a computer can be converted to a hardware implementation by well known design rules. Decisions between implementing a concept in software versus hardware typically hinge on considerations of stability of the design and numbers of units to be produced rather than any issues involved in translating from the software domain to the hardware domain. Generally, a design that is still subject to frequent change may be preferred to be implemented in software, because re-spinning a hardware implementation is more expensive than re-spinning a software design. Generally, a design that is stable that will be produced in large volume may be preferred to be implemented in hardware, for example in an application specific integrated circuit (ASIC), because for large production runs the hardware implementation may be less expensive than the software implementation. Often a design may be developed and tested in a software form and later transformed, by well known design rules, to an equivalent hardware implementation in an application specific integrated circuit that hardwires the instructions of the software. In the same manner as a machine controlled by a new ASIC is a particular machine or apparatus, likewise a computer that has been programmed and/or loaded with executable instructions may be viewed as a particular machine or apparatus.
The secondary storage 784 is typically comprised of one or more disk drives or tape drives and is used for non-volatile storage of data and as an over-flow data storage device if RAM 788 is not large enough to hold all working data. Secondary storage 784 may be used to store programs which are loaded into RAM 788 when such programs are selected for execution. The ROM 786 is used to store instructions and perhaps data which are read during program execution. ROM 786 is a non-volatile memory device which typically has a small memory capacity relative to the larger memory capacity of secondary storage 784. The RAM 788 is used to store volatile data and perhaps to store instructions. Access to both ROM 786 and RAM 788 is typically faster than to secondary storage 784. The secondary storage 784, the RAM 788, and/or the ROM 786 may be referred to in some contexts as computer readable storage media and/or non-transitory computer readable media.
I/O devices 790 may include printers, video monitors, liquid crystal displays (LCDs), touch screen displays, keyboards, keypads, switches, dials, mice, track balls, voice recognizers, card readers, paper tape readers, or other well-known input devices.
The network connectivity devices 792 may take the form of modems, modem banks, Ethernet cards, universal serial bus (USB) interface cards, serial interfaces, token ring cards, fiber distributed data interface (FDDI) cards, wireless local area network (WLAN) cards, radio transceiver cards such as code division multiple access (CDMA), global system for mobile communications (GSM), long-term evolution (LTE), worldwide interoperability for microwave access (WiMAX), and/or other air interface protocol radio transceiver cards, and other well-known network devices. These network connectivity devices 792 may enable the processor 782 to communicate with the Internet or one or more intranets. With such a network connection, it is contemplated that the processor 782 might receive information from the network, or might output information to the network in the course of performing the above-described method steps. Such information, which is often represented as a sequence of instructions to be executed using processor 782, may be received from and outputted to the network, for example, in the form of a computer data signal embodied in a carrier wave.
Such information, which may include data or instructions to be executed using processor 782 for example, may be received from and outputted to the network, for example, in the form of a computer data baseband signal or signal embodied in a carrier wave. The baseband signal or signal embedded in the carrier wave, or other types of signals currently used or hereafter developed, may be generated according to several methods well known to one skilled in the art. The baseband signal and/or signal embedded in the carrier wave may be referred to in some contexts as a transitory signal.
The processor 782 executes instructions, codes, computer programs, scripts which it accesses from hard disk, floppy disk, optical disk (these various disk based systems may all be considered secondary storage 784), ROM 786, RAM 788, or the network connectivity devices 792. While only one processor 782 is shown, multiple processors may be present. Thus, while instructions may be discussed as executed by a processor, the instructions may be executed simultaneously, serially, or otherwise executed by one or multiple processors. Instructions, codes, computer programs, scripts, and/or data that may be accessed from the secondary storage 784, for example, hard drives, floppy disks, optical disks, and/or other device, the ROM 786, and/or the RAM 788 may be referred to in some contexts as non-transitory instructions and/or non-transitory information.
In an embodiment, the computer system 780 may comprise two or more computers in communication with each other that collaborate to perform a task. For example, but not by way of limitation, an application may be partitioned in such a way as to permit concurrent and/or parallel processing of the instructions of the application. Alternatively, the data processed by the application may be partitioned in such a way as to permit concurrent and/or parallel processing of different portions of a data set by the two or more computers. In an embodiment, virtualization software may be employed by the computer system 780 to provide the functionality of a number of servers that is not directly bound to the number of computers in the computer system 780. For example, virtualization software may provide twenty virtual servers on four physical computers. In an embodiment, the functionality disclosed above may be provided by executing the application and/or applications in a cloud computing environment. Cloud computing may comprise providing computing services via a network connection using dynamically scalable computing resources. Cloud computing may be supported, at least in part, by virtualization software. A cloud computing environment may be established by an enterprise and/or may be hired on an as-needed basis from a third party provider. Some cloud computing environments may comprise cloud computing resources owned and operated by the enterprise as well as cloud computing resources hired and/or leased from a third party provider.
In an embodiment, some or all of the functionality disclosed above may be provided as a computer program product. The computer program product may comprise one or more computer readable storage medium having computer usable program code embodied therein to implement the functionality disclosed above. The computer program product may comprise data structures, executable instructions, and other computer usable program code. The computer program product may be embodied in removable computer storage media and/or non-removable computer storage media. The removable computer readable storage medium may comprise, without limitation, a paper tape, a magnetic tape, magnetic disk, an optical disk, a solid state memory chip, for example analog magnetic tape, compact disk read only memory (CD-ROM) disks, floppy disks, jump drives, digital cards, multimedia cards, and others. The computer program product may be suitable for loading, by the computer system 780, at least portions of the contents of the computer program product to the secondary storage 784, to the ROM 786, to the RAM 788, and/or to other non-volatile memory and volatile memory of the computer system 780. The processor 782 may process the executable instructions and/or data structures in part by directly accessing the computer program product, for example by reading from a CD-ROM disk inserted into a disk drive peripheral of the computer system 780. Alternatively, the processor 782 may process the executable instructions and/or data structures by remotely accessing the computer program product, for example by downloading the executable instructions and/or data structures from a remote server through the network connectivity devices 792. The computer program product may comprise instructions that promote the loading and/or copying of data, data structures, files, and/or executable instructions to the secondary storage 784, to the ROM 786, to the RAM 788, and/or to other non-volatile memory and volatile memory of the computer system 780.
In some contexts, the secondary storage 784, the ROM 786, and the RAM 788 may be referred to as a non-transitory computer readable medium or a computer readable storage media. A dynamic RAM embodiment of the RAM 788, likewise, may be referred to as a non-transitory computer readable medium in that while the dynamic RAM receives electrical power and is operated in accordance with its design, for example during a period of time during which the computer 780 is turned on and operational, the dynamic RAM stores information that is written to it. Similarly, the processor 782 may comprise an internal RAM, an internal ROM, a cache memory, and/or other internal non-transitory storage blocks, sections, or components that may be referred to in some contexts as non-transitory computer readable media or computer readable storage media.
While several embodiments have been provided in the present disclosure, it should be understood that the disclosed systems and methods may be embodied in many other specific forms without departing from the spirit or scope of the present disclosure. The present examples are to be considered as illustrative and not restrictive, and the intention is not to be limited to the details given herein. For example, the various elements or components may be combined or integrated in another system or certain features may be omitted or not implemented.
Also, techniques, systems, subsystems, and methods described and illustrated in the various embodiments as discrete or separate may be combined or integrated with other systems, modules, techniques, or methods without departing from the scope of the present disclosure. Other items shown or discussed as directly coupled or communicating with each other may be indirectly coupled or communicating through some interface, device, or intermediate component, whether electrically, mechanically, or otherwise. Other examples of changes, substitutions, and alterations are ascertainable by one skilled in the art and could be made without departing from the spirit and scope disclosed herein.
Claims
1. A mobile access terminal for use in an internet protocol multimedia system, comprising:
- a first region of memory;
- a device application stored in the first region of memory;
- a second region of memory that implements a trusted security sector; and,
- a centralized media controller application stored in the trusted security sector that is mated and paired with an incident internet protocol multimedia system network, authenticates the device application by proxy rather than performing authentication over the incident internet protocol multimedia system network, and provides the device application with communications connectivity with the incident internet protocol multimedia system network, wherein the centralized media controller application stored in the trusted security sector of the mobile access terminal is an extracted call session control function server application that provides a sub-set of the functionality provided by a full call session control function server application executing in the incident internet protocol multimedia system network.
2. The mobile access terminal of claim 1, wherein the first region of memory is provided in a first memory chip and the second region of memory is provided in a second memory chip.
3. The mobile access terminal of claim 1, wherein the device application is a voice calling application, and wherein the centralized media controller application encapsulates a call session control function server application that provides device-to-device voice call set-up in response to a voice call origination request from the voice calling application.
4. The mobile access terminal of claim 1, wherein the centralized media controller application encapsulates a proxy call session control function server application.
5. The mobile access terminal of claim 4, wherein the proxy call session control function server application is an extract of a proxy call session control function server application executed by a call session control function server in the incident internet protocol multimedia system network.
6. The mobile access terminal of claim 5, wherein the proxy call session control function server application encapsulated by the centralized media control application executes reduced functionality remote authentication dial in user service functions.
7. A mobile access terminal for use in an internet protocol multimedia system, comprising:
- a first memory chip;
- a first device application stored in the first memory chip;
- a second memory chip that implements a trusted security sector;
- a trust exchange service stored in the trusted security sector; and
- a centralized media controller application stored in the trusted security sector that is mated and paired with an incident internet protocol multimedia system network, receives internet protocol multimedia system access client requests from the first device application via the trust exchange service, authenticates the first device application by proxy rather than performing authentication over the incident internet protocol multimedia system network, and provides the first device application with communications connectivity with the incident internet protocol multimedia system network, wherein the centralized media controller application stored in the trusted security sector of the mobile access terminal is an extracted call session control function server application that provides a sub-set of the functionality provided by a full call session control function server application executing in the incident internet protocol multimedia system network.
8. The mobile access terminal of claim 7, wherein the trust exchange service encapsulates a session initiation protocol back-to-back user agent, wherein a first interface of the session initiation protocol back-to-back user agent receives a first session initiation protocol request from the first device application, the session initiation protocol back-to-back user agent reformulates the first session initiation protocol request as a second session initiation protocol request, and a second interface of the session initiation protocol back-to-back user agent transmits the second session initiation protocol request to the call session control function server application, whereby the session initiation protocol back-to-back user agent protects the call session control function server application from the first device application.
9. The mobile access terminal of claim 8, whereby the session initiation protocol back-to-back user agent provides trusted session initiation protocol interactions between the first device application and the call session control function server application.
10. The mobile access terminal of claim 7, wherein the centralized media controller application provides reduced functionality remote authentication dial in user service (RADIUS) functions for charging, rating, and mediation internet protocol multimedia system network operations.
11. The mobile access terminal of claim 7, further comprising a near field communication transceiver, wherein the centralized media controller application receives a trigger event from the near field communication transceiver and responds to receiving a session initiation protocol invite from an incident internet protocol multimedia system network based on the trigger event.
12. The mobile access terminal of claim 11, wherein the centralized media controller application responds to receiving the session invitation protocol invite by connecting a first media stream from the incident internet protocol multimedia system network to a second device application stored in the first memory chip.
13. The mobile access terminal of claim 11, wherein the centralized media controller application responds to receiving the session invitation protocol invite by connecting a second media stream from a third device application stored in the first memory to another mobile access terminal via the incident internet protocol multimedia system network.
14. The mobile access terminal of claim 7, wherein the trust exchange service pauses a plurality of execution threads of the mobile access terminal while handling one of the internet protocol multimedia system access client requests.
15. A method of establishing a device to device wireless voice call, comprising:
- receiving a voice call origination request by a centralized media controller application executing in a trusted security sector of a first mobile access terminal, where the called party designated by the voice call origination request is a second mobile access terminal, wherein the first mobile access terminal is coupled to a micro network;
- determining, by the centralized media controller application using the session initiation protocol (SIP) presence function, that the second mobile access terminal is accessible in the micro network; and
- establishing, by the centralized media controller application, a voice communication channel between the first mobile access terminal and the second mobile access terminal using wireless links provided by the micro network, wherein the wireless links do not involve a base transceiver station.
16. The method of claim 15, wherein the voice communication channel comprises a first wireless link from the first mobile access terminal to a femtocell and a second wireless link from the femtocell to the second mobile access terminal.
17. The method of claim 16, wherein a voice traffic between the first mobile access terminal and the second mobile access terminal are not transmitted on a wired network.
18. The method of claim 15, wherein the centralized media controller application encapsulates a call session control function server application, wherein a dialer device application executing on the first mobile access terminal outside of the trusted security sector of the first mobile access terminal sends a session initiation protocol invite message to the call session control function server application, wherein the invite message designates the second mobile access terminal, wherein the receiving the voice call origination request comprises receiving the invite message by the call session control function server application.
19. The method of claim 18, wherein a session initiation protocol back-to-back user agent mediates between the dialer device application and the call session control function server application on the first mobile access terminal.
20. The method of claim 15, wherein the wireless links conform with the long-term evolution (LTE) wireless communication protocol.
5303378 | April 12, 1994 | Cohen |
6131024 | October 10, 2000 | Boltz |
6219712 | April 17, 2001 | Mann et al. |
6668322 | December 23, 2003 | Wood et al. |
6823454 | November 23, 2004 | Hind et al. |
6824064 | November 30, 2004 | Guthery et al. |
6895234 | May 17, 2005 | Laursen et al. |
7387240 | June 17, 2008 | Ziegler |
7552467 | June 23, 2009 | Lindsay |
7650645 | January 19, 2010 | Langendorf et al. |
7873837 | January 18, 2011 | Lee et al. |
7895642 | February 22, 2011 | Larson et al. |
7921303 | April 5, 2011 | Mauro, II |
8060449 | November 15, 2011 | Zhu |
8073428 | December 6, 2011 | Khetawat et al. |
8204480 | June 19, 2012 | Lindteigen et al. |
8238823 | August 7, 2012 | Maugars et al. |
8316237 | November 20, 2012 | Felsher et al. |
8402543 | March 19, 2013 | Ranjan et al. |
8413229 | April 2, 2013 | Mullick et al. |
8429409 | April 23, 2013 | Wall et al. |
8443420 | May 14, 2013 | Brown et al. |
8447983 | May 21, 2013 | Beck et al. |
8494576 | July 23, 2013 | Bye et al. |
8504097 | August 6, 2013 | Cope et al. |
8631247 | January 14, 2014 | O'Loughlin et al. |
8632000 | January 21, 2014 | Laracey |
8649770 | February 11, 2014 | Cope et al. |
8667607 | March 4, 2014 | Paczkowski et al. |
8707056 | April 22, 2014 | Felton |
8712407 | April 29, 2014 | Cope et al. |
8726343 | May 13, 2014 | Borzycki et al. |
8738333 | May 27, 2014 | Behera et al. |
8750839 | June 10, 2014 | Paczkowski et al. |
8752140 | June 10, 2014 | Paczkowski et al. |
8762298 | June 24, 2014 | Ranjan et al. |
8793808 | July 29, 2014 | Boccon-Gibod |
8839460 | September 16, 2014 | Shirlen et al. |
8850568 | September 30, 2014 | Shirlen et al. |
8856600 | October 7, 2014 | Zadigian et al. |
8862181 | October 14, 2014 | Cope et al. |
8863252 | October 14, 2014 | Katzer et al. |
8881977 | November 11, 2014 | Paczkowski et al. |
20020095389 | July 18, 2002 | Gaines |
20020156911 | October 24, 2002 | Croman et al. |
20020174344 | November 21, 2002 | Ting |
20020181503 | December 5, 2002 | Montgomery, Jr. |
20020184325 | December 5, 2002 | Killcommons et al. |
20020194361 | December 19, 2002 | Itoh et al. |
20020194496 | December 19, 2002 | Griffin et al. |
20030126225 | July 3, 2003 | Camble et al. |
20030237002 | December 25, 2003 | Oishi et al. |
20040158840 | August 12, 2004 | Rothman et al. |
20040202328 | October 14, 2004 | Hara |
20040233844 | November 25, 2004 | Yu et al. |
20040234049 | November 25, 2004 | Melideo |
20040243810 | December 2, 2004 | Rindborg et al. |
20050015601 | January 20, 2005 | Tabi |
20050052994 | March 10, 2005 | Lee |
20050091505 | April 28, 2005 | Riley et al. |
20050138433 | June 23, 2005 | Linetsky |
20050235166 | October 20, 2005 | England et al. |
20050239481 | October 27, 2005 | Seligmann |
20050289355 | December 29, 2005 | Kitariev et al. |
20060036851 | February 16, 2006 | DeTreville |
20060156026 | July 13, 2006 | Utin |
20060190605 | August 24, 2006 | Franz et al. |
20060212853 | September 21, 2006 | Sutardja |
20060224901 | October 5, 2006 | Lowe |
20060245438 | November 2, 2006 | Sajassi et al. |
20060259790 | November 16, 2006 | Asokan et al. |
20060261949 | November 23, 2006 | Kim et al. |
20060277307 | December 7, 2006 | Bernardin et al. |
20060277433 | December 7, 2006 | Largman et al. |
20070011061 | January 11, 2007 | East |
20070038648 | February 15, 2007 | Chetwood et al. |
20070061535 | March 15, 2007 | Xu et al. |
20070078988 | April 5, 2007 | Miloushev et al. |
20070079120 | April 5, 2007 | Bade et al. |
20070094273 | April 26, 2007 | Fritsch et al. |
20070094691 | April 26, 2007 | Gazdzinski |
20070162759 | July 12, 2007 | Buskey et al. |
20070177771 | August 2, 2007 | Tanaka et al. |
20070180120 | August 2, 2007 | Bainbridge et al. |
20070186212 | August 9, 2007 | Mazzaferri et al. |
20070197261 | August 23, 2007 | Humbel |
20070214332 | September 13, 2007 | Sonoda et al. |
20070276969 | November 29, 2007 | Bressy et al. |
20070277223 | November 29, 2007 | Datta et al. |
20080014867 | January 17, 2008 | Finn |
20080022374 | January 24, 2008 | Brown et al. |
20080092213 | April 17, 2008 | Wei et al. |
20080097793 | April 24, 2008 | Dicks et al. |
20080121687 | May 29, 2008 | Buhot |
20080159129 | July 3, 2008 | Songhurst et al. |
20080159131 | July 3, 2008 | Hoeflin et al. |
20080162361 | July 3, 2008 | Sklovsky |
20080176538 | July 24, 2008 | Terrill et al. |
20080188178 | August 7, 2008 | Maugars et al. |
20080201212 | August 21, 2008 | Hammad et al. |
20080201578 | August 21, 2008 | Drake |
20080212503 | September 4, 2008 | Lipford et al. |
20080244758 | October 2, 2008 | Sahita et al. |
20090047923 | February 19, 2009 | Jain et al. |
20090055278 | February 26, 2009 | Nemani |
20090070272 | March 12, 2009 | Jain |
20090089449 | April 2, 2009 | Day |
20090113425 | April 30, 2009 | Ports et al. |
20090147958 | June 11, 2009 | Calcaterra et al. |
20090154348 | June 18, 2009 | Newman |
20090182634 | July 16, 2009 | Park et al. |
20090193491 | July 30, 2009 | Rao |
20090271321 | October 29, 2009 | Stafford |
20090281947 | November 12, 2009 | Erel |
20090300599 | December 3, 2009 | Piotrowski |
20090320028 | December 24, 2009 | Gellerich et al. |
20100031325 | February 4, 2010 | Maigne et al. |
20100052844 | March 4, 2010 | Wesby |
20100077487 | March 25, 2010 | Travis et al. |
20100082977 | April 1, 2010 | Boyle et al. |
20100125904 | May 20, 2010 | Nice et al. |
20100128598 | May 27, 2010 | Gandhewar et al. |
20100130170 | May 27, 2010 | Liu et al. |
20100142517 | June 10, 2010 | Montemurro et al. |
20100146589 | June 10, 2010 | Safa |
20100153721 | June 17, 2010 | Mellqvist |
20100162028 | June 24, 2010 | Frank et al. |
20100198943 | August 5, 2010 | Harrang et al. |
20100223348 | September 2, 2010 | Przybysz et al. |
20100228937 | September 9, 2010 | Bae et al. |
20100241847 | September 23, 2010 | van der Horst et al. |
20100246818 | September 30, 2010 | Yao |
20100269156 | October 21, 2010 | Hohlfeld et al. |
20100274726 | October 28, 2010 | Florek et al. |
20100281139 | November 4, 2010 | Deprun |
20100299313 | November 25, 2010 | Orsini et al. |
20100306353 | December 2, 2010 | Briscoe et al. |
20100318802 | December 16, 2010 | Balakrishnan |
20100328064 | December 30, 2010 | Rogel |
20110010720 | January 13, 2011 | Smith et al. |
20110014948 | January 20, 2011 | Yeh |
20110021175 | January 27, 2011 | Florek et al. |
20110035604 | February 10, 2011 | Habraken |
20110055084 | March 3, 2011 | Singh |
20110078081 | March 31, 2011 | Pirzadeh et al. |
20110082711 | April 7, 2011 | Poeze et al. |
20110112968 | May 12, 2011 | Florek et al. |
20110113479 | May 12, 2011 | Ganem |
20110154032 | June 23, 2011 | Mauro, II |
20110166883 | July 7, 2011 | Palmer et al. |
20110202916 | August 18, 2011 | Voba et al. |
20110212707 | September 1, 2011 | Mahalal |
20110216701 | September 8, 2011 | Patel et al. |
20110226853 | September 22, 2011 | Soh et al. |
20110237190 | September 29, 2011 | Jolivet |
20110238573 | September 29, 2011 | Varadarajan |
20110238992 | September 29, 2011 | Jancula et al. |
20110246609 | October 6, 2011 | Kim |
20110251892 | October 13, 2011 | Laracey |
20110258462 | October 20, 2011 | Robertson et al. |
20110281558 | November 17, 2011 | Winter |
20110294418 | December 1, 2011 | Chen |
20120003983 | January 5, 2012 | Sherlock et al. |
20120011572 | January 12, 2012 | Chew et al. |
20120021683 | January 26, 2012 | Ma et al. |
20120023583 | January 26, 2012 | Sallam |
20120028575 | February 2, 2012 | Chen et al. |
20120029997 | February 2, 2012 | Khan et al. |
20120036347 | February 9, 2012 | Swanson et al. |
20120052801 | March 1, 2012 | Kulkarni |
20120072481 | March 22, 2012 | Nandlall et al. |
20120072979 | March 22, 2012 | Cha et al. |
20120084211 | April 5, 2012 | Petrov et al. |
20120084438 | April 5, 2012 | Raleigh et al. |
20120084836 | April 5, 2012 | Mahaffey et al. |
20120089700 | April 12, 2012 | Safruti et al. |
20120102202 | April 26, 2012 | Omar |
20120123868 | May 17, 2012 | Brudnicki et al. |
20120130839 | May 24, 2012 | Koh et al. |
20120131178 | May 24, 2012 | Zhu et al. |
20120137119 | May 31, 2012 | Doerr et al. |
20120143703 | June 7, 2012 | Wall et al. |
20120149327 | June 14, 2012 | Raboisson et al. |
20120158467 | June 21, 2012 | Hammad et al. |
20120159163 | June 21, 2012 | von Behren et al. |
20120159612 | June 21, 2012 | Reisgies |
20120163206 | June 28, 2012 | Leung et al. |
20120168494 | July 5, 2012 | Kim |
20120178365 | July 12, 2012 | Katz et al. |
20120178366 | July 12, 2012 | Levy et al. |
20120198519 | August 2, 2012 | Parla et al. |
20120202423 | August 9, 2012 | Tiedemann et al. |
20120207165 | August 16, 2012 | Davis |
20120226582 | September 6, 2012 | Hammad |
20120226772 | September 6, 2012 | Grube et al. |
20120238206 | September 20, 2012 | Singh et al. |
20120252480 | October 4, 2012 | Krutt et al. |
20120255016 | October 4, 2012 | Sallam |
20120258690 | October 11, 2012 | Chen et al. |
20120266076 | October 18, 2012 | Lockhart et al. |
20120266220 | October 18, 2012 | Brudnicki et al. |
20120272306 | October 25, 2012 | Benaloh et al. |
20120284195 | November 8, 2012 | McMillen et al. |
20120291095 | November 15, 2012 | Narendra et al. |
20120295588 | November 22, 2012 | Chen et al. |
20120297187 | November 22, 2012 | Paya et al. |
20120303961 | November 29, 2012 | Kean et al. |
20120304286 | November 29, 2012 | Croll et al. |
20120324293 | December 20, 2012 | Grube et al. |
20130014259 | January 10, 2013 | Gribble et al. |
20130035056 | February 7, 2013 | Prasad et al. |
20130047197 | February 21, 2013 | Saroiu et al. |
20130054474 | February 28, 2013 | Yeager |
20130062417 | March 14, 2013 | Lee et al. |
20130067552 | March 14, 2013 | Hawkes et al. |
20130086684 | April 4, 2013 | Mohler |
20130097302 | April 18, 2013 | Khedouri et al. |
20130109307 | May 2, 2013 | Reisgies et al. |
20130111095 | May 2, 2013 | Mehrotra et al. |
20130117186 | May 9, 2013 | Weinstein et al. |
20130136126 | May 30, 2013 | Wang et al. |
20130138521 | May 30, 2013 | Want et al. |
20130138959 | May 30, 2013 | Pelly et al. |
20130140360 | June 6, 2013 | Graylin |
20130143489 | June 6, 2013 | Morris et al. |
20130145429 | June 6, 2013 | Mendel et al. |
20130159186 | June 20, 2013 | Brudnicki et al. |
20130159710 | June 20, 2013 | Khan |
20130160120 | June 20, 2013 | Malaviya et al. |
20130174147 | July 4, 2013 | Sahita et al. |
20130212704 | August 15, 2013 | Shablygin et al. |
20130263212 | October 3, 2013 | Faltyn et al. |
20130305333 | November 14, 2013 | Katzer et al. |
20130332456 | December 12, 2013 | Arkin |
20130345530 | December 26, 2013 | McRoberts et al. |
20130347103 | December 26, 2013 | Veteikis et al. |
20140033316 | January 30, 2014 | Paczkowski et al. |
20140047548 | February 13, 2014 | Bye et al. |
20140074508 | March 13, 2014 | Ying et al. |
20140188738 | July 3, 2014 | Huxham |
20140245444 | August 28, 2014 | Lutas et al. |
20140281544 | September 18, 2014 | Paczkowski et al. |
WO2011025433 | March 2011 | WO |
2013170228 | November 2013 | WO |
2014004590 | January 2014 | WO |
2014018575 | January 2014 | WO |
2014025687 | February 2014 | WO |
WO2014158431 | October 2014 | WO |
- Notice of Allowance dated Nov. 29, 2013, U.S. Appl. No. 13/440,980, filed Apr. 5, 2012.
- Office Action dated Dec. 19, 2013, U.S. Appl. No. 13/557,213, filed Jul. 25, 2012.
- FAIPP Pre-Interview Communication dated Nov. 27, 2013, U.S. Appl. No. 13/610,856, filed Sep. 11, 2012.
- Notice of Allowance date Jan. 31, 2014, U.S. Appl. No. 13/610,856, filed Sep. 11, 2012.
- Cope, Warren B., et al., “Extended Trusted Security Zone Radio Modem”, filed Nov. 26, 2013, U.S. Appl. No. 14/090,667.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Containers for the Protection and Confidentiality of Trusted Service Manager Data”, filed Feb. 16, 2014, PCT Application No. PCT/US14/16651.
- Foreign Communication from a Related Counterpart—International Search Report and Written Opinion, dated Dec. 2, 2013, PCT/US13/40673, filed on May 10, 2013.
- Giesecke & Devrient, “The OTA Platform in the World of LTE”, Jan. 2011, http://www.gi-de.com/gd—media/media/en/documents/brochures/mobile—security—2/cste—1/OTA-and-LTE.pdf.
- Pesonen, Lauri, “Development of Mobile Payment Ecosystem—NFC Based Payment Services”, Aug. 27, 2008.
- Foreign Communication from a Related Counterpart—International Search Report and Written Opinion, dated Feb. 4, 2014, PCT/US13/47729, filed on Jun. 25, 2013.
- Foreign Communication from a Related Counterpart—International Search Report and Written Opinion, dated Feb. 4, 2014, PCT/US13/51750, filed on Jul. 24, 2013.
- FAIPP Pre-Interview Communication dated Oct. 24, 2012, U.S. Appl. No. 13/463,797, filed May 3, 2012.
- Notice of Allowance dated Mar. 1, 2013, U.S. Appl. No. 13/463,797, filed May 3, 2012.
- FAIPP Pre-Interview Communication dated Jun. 12, 2013, U.S. Appl. No. 13/440,980, filed Apr. 5, 2012.
- FAIPP Pre-Interview Communication dated Oct. 24, 2012, U.S. Appl. No. 13/463,801, filed May 3, 2012.
- Notice of Allowance dated Mar. 14, 2013, U.S. Appl. No. 13/463,801, filed May 3, 2012.
- FAIPP Pre-Interview Communication dated Jul. 25, 2013, U.S. Appl. No. 13/470,203, filed May 11, 2012.
- FAIPP Pre-Interview Communication dated Jun. 6, 2013, U.S. Appl. No. 13/571,348, filed Aug. 10, 2012.
- FAIPP Pre-Interview Communication dated Jun. 5, 2013, U.S. Appl. No. 13/556,200, filed Jul. 24, 2012.
- First Action Interview Office Action dated Aug. 19, 2013, U.S. Appl. No. 13/556,200, filed Jul. 24, 2012.
- First Action Interview Pre-Interview Communication dated Dec. 27, 2011, U.S. Appl. No. 12/486,873, filed Jun. 18, 2009.
- First Action Interview Office Action dated Feb. 13, 2012, U.S. Appl. No. 12/486,873, filed Jun. 18, 2009.
- Office Action dated Jul. 5, 2012, U.S. Appl. No. 12/486,873, filed Jun. 18, 2009.
- Final Office Action dated Feb. 1, 2013, U.S. Appl. No. 12/486,873, filed Jun. 18, 2009.
- Cope, Warren B., et al., “Electronic Purchase Transaction Trust Infrastructure”, filed May 29, 2012, U.S. Appl. No. 13/482,731.
- Cope, Warren B., et al., “Alternative hardware and Software Configuration for Near Field Communication”, filed May 4, 2012, U.S. Appl. No. 13/463,797.
- Cope, Warren B., et al., “Multiple Secure Elements in Mobile Electronic Device with Near Field Communication Capability”, filed Apr. 5, 2012, U.S. Appl. No. 13/440,980.
- Bye, Stephen James, et al., “Near Field Communication Authentication and Validation to Access Corporate Data”, filed May 3, 2012, U.S. Appl. No. 13/463,801.
- Katzer, Robin D., et al., “Web Server Bypass of Backend Process on Near Field Communications and Secure Elements Chips”, filed May 11, 2012, U.S. Appl. No. 13/470,203.
- Katzer, Robin D., et al., “Web Server Bypass of Backend Process on Near Field Communications and Secure Elements Chips”, filed May 10, 2013, PCT Application No. PCT/US13/40673.
- McRoberts, Leo Michael, et al., “End-to-End Trusted Communications Infrastructure”, filed Jun. 25, 2012, U.S. Appl. No. 13/532,588.
- McRoberts, Leo Michael, et al., “End-to-End Trusted Communications Infrastructure”, filed on Jun. 25, 2013, PCT Serial No. PCT/US13/47729.
- Paczkowski, Lyle W., et al., “Trusted Policy and Charging Enforcement Function”, filed Jun. 27, 2012, U.S. Appl. No. 13/533,969.
- Bye, Stephen James, et al., “Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device”, filed Aug. 10, 2012, U.S. Appl. No. 13/571,348.
- Bye, Stephen James, et al., “Systems and Methods for Provisioning and Using Multiple Trusted Security Zones on an Electronic Device”, filed on Aug. 5, 2013, PCT Serial No. PCT/US13/53617.
- Bye, Stephen James, et al., “Trusted Signaling in Long Term Evolution (LTE) 4G Wireless Communication”, filed Feb. 7, 2013, U.S. Appl. No. 13/762,319.
- Cope, Warren B., et al., “Extended Trusted Security Zone Radio Modem”, filed Jul. 2, 2012, U.S. Appl. No. 13/540,437.
- Katzer, Robin D., et al., “Trusted Access to Third Party Applications Systems and Methods”, filed Jul. 25, 2012, U.S. Appl. No. 13/557,213.
- Paczkowski, Lyle W., et al., “System and Methods for Trusted Internet Domain Networking”, filed Sep. 11, 2012, U.S. Appl. No. 13/610,856.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Access to Peripheral Devices”, filed Jul. 24, 2012, U.S. Appl. No. 13/556,200.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Access to Peripheral Devices”, filed Jul. 24, 2013, PCT Application No. PCT/US13/51750.
- Paczkowski, Lyle W., et al., Enablement of a Trusted Security Zone Authentication for Remote Mobile Device Management Systems and Methods, filed Mar. 15, 2013, U.S. Appl. No. 13/844,357.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Communication Addressing on an Electronic Device”, filed Mar. 15, 2013, U.S. Appl. No. 13/844,145.
- Bye, Stephen James, et al., “Protection for Multimedia Files Pre-Downloaded to a Mobile Device”, filed Apr. 15, 2013, U.S. Appl. No. 13/863,376.
- Paczkowski, Lyle W., et al., “Point-of-Sale and Automated Teller Machine Transactions Using Trusted Mobile Access Device”, filed Mar. 13, 2013, U.S. Appl. No. 13/802,383.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Re-Provisioning and Re-Use Capability for Refurbished Mobile Devices”, filed Mar. 14, 2013, U.S. Appl. No. 13/831,486.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Enhanced with Trusted Hardware Drivers”, filed Mar. 13, 2013, U.S. Appl. No. 13/802,404.
- Paczkowski, Lyle W., et al., “Restricting Access of a Portable Communication Device to Confidential Data or Applications via a Remote Network Based on Event Triggers Generated by the Portable Communication Device”, filed Mar. 15, 2013, U.S. Appl. No. 13/844,282.
- Paczkowski, Lyle W., et al., “JTAG Fuse Vulnerability Determination and Protection Using a Trusted Execution Environment”, filed Mar. 15, 2013, U.S. Appl. No. 13/844,325.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Containers for the Protection and Confidentiality of Trusted Service Manager Data”, filed Mar. 14, 2013, U.S. Appl. No. 13/831,463.
- Bye, Stephen James, et al., “Delivering Digital Content to a Mobile Device via a Digital Rights Clearing House”, filed Apr. 10, 2013, U.S. Appl. No. 13/860,338.
- Paczkowski, Lyle W., et al., “Method for Enabling Hardware Assisted Operating System Region for Safe Execution of Untrusted Code Using Trusted Transitional Memory”, filed May 20, 2013, U.S. Appl. No. 13/898,435.
- Paczkowski, Lyle W., et al., “Verifying Applications Using a Trusted Security Zone”, filed Aug. 12, 2013, U.S. Appl. No. 13/964,112.
- Paczkowski, Lyle W., et al., “Mobile Access Terminal with Local Call Session Control Function”, filed Jun. 18, 2009, U.S. Appl. No. 12/486,873.
- Zimmerman, Ann, “Check Out the Future of Shopping”, The Wall Street Journal, Business, May 18, 2011, http://online.wsj.com/article/SB10001424052748703421204576329253050634700.html.
- Garry, Michael, Kroger Test Prepares for Mobile Future:, SN, Supermarket News, Jun. 13, 2011, http://supermarketnews.com/technology/kroger-test-prepares-mobile-future.
- Jones, Sally, “Industry Trends in POS Hardware for Mobile Devices”, Aug. 31, 2011, http://pointofsale.com/20110831734/Mobile-POS-News/industry-trends-in-pos-hardware-for-mobile-devices.html.
- FAIPP Pre-Interview Communication dated Mar. 20, 2014, U.S. Appl. No. 13/482,731, filed May 29, 2012.
- Final Office Action dated Mar. 27, 2014, U.S. Appl. No. 13/470,203, filed May 11, 2012.
- Notice of Allowance dated Jan. 28, 2014, U.S. Appl. No. 12/486,873, filed on Jun. 18, 2009.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Access to Peripheral Devices”, filed Jan. 6, 2014, U.S. Appl. No. 14/148,714.
- Final Office Action dated Sep. 9, 2013, U.S. Appl. No. 13/440,980, filed Apr. 5, 2012.
- Office Action dated Sep. 25, 2013, U.S. Appl. No. 13/571,348, filed Aug. 10, 2012.
- Notice of Allowance dated Aug. 30, 2013; U.S. Appl. No. 13/540,437, filed Jul. 2, 2012.
- Restriction Requirement dated Nov. 1, 2013, U.S. Appl. No. 13/557,213, filed Jul. 25, 2012.
- Notice of Allowance dated Oct. 16, 2013, U.S. Appl. No. 13/556,200, filed Jul. 24, 2012.
- Advisory Action dated Jun. 23, 2014, U.S. Appl. No. 13/571,348, filed Aug. 10, 2012.
- Notice of Allowance dated Jun. 4, 2014, U.S. Appl. No. 13/557,213, filed Jul. 25, 2012.
- FAIPP Pre-Interview Communication dated Aug. 4, 2014, U.S. Appl. No. 13/844,357, filed Mar. 15, 2013.
- Notice of Allowance dated Jul. 8, 2014, U.S. Appl. No. 13/802,383, filed Mar. 13, 2013.
- Restriction Requirement dated Aug. 14, 2014, U.S. Appl. No. 13/594,777, filed Aug. 25, 2012.
- FAIPP Pre-Interview Communication dated Jul. 17, 2014, U.S. Appl. No. 13/594,778, filed Aug. 25, 2012.
- FAIPP Pre-Interview Communication dated Jul. 17, 2014, U.S. Appl. No. 13/594,779, filed Aug. 25, 2012.
- Office Action dated May 5, 2014, U.S. Appl. No. 13/786,450, filed Mar. 5, 2013.
- FAIPP Pre-Interview Communication dated Aug. 6, 2014, U.S. Appl. No. 13/831,486, filed Mar. 14, 2013.
- Ahmed, Farid, et al., “Correlation-based Watermarking Method for Imagine Authentication Applications”, Society of Photo-Optical Instrumentation Engineers, Feb. 17, 2004, pp. 1834-1838.
- Foreign Communication from a Related Counterpart—International Search Report and Written Opinion, dated Jul. 11, 2014, PCT/US14/16651, filed on Feb. 16, 2014.
- Kunkel, Philip M., et al., “Secure Peer-to-Peer Call Forking Facilitated by Trusted 3rd Party Voice Server Provisioning”, filed Oct. 29, 2013, U.S. Appl. No. 14/066,661.
- Bertz, Lyle T., et al., “Framework for Real-Time Brokering of Digital Content Delivery,” filed Aug. 25, 2012, U.S. Appl. No. 13/594,777.
- Bertz, Lyle T., et al.,“Reservations in Real-Time Brokering of Digital Content Delivery,” filed Aug. 25, 2012, U.S. Appl. No. 13/594,778.
- Bertz, Lyle T., et al., “File Retrieval in Real-Time Brokering of Digital Content Delivery,” filed Aug. 25, 2012, U.S. Appl. No. 13/594,779.
- Paczkowski, Lyle W., et al., “Trusted Security Zone Watermark”, filed Mar. 5, 2013, U.S. Appl. No. 13/786,450.
- Paczkowski, Lyle W., et al., “Trusted Processing Location Within a Graphics Processing Unit”, filed Jul. 10, 2013, U.S. Appl. No. 13/939,175.
- McCracken, Billy Gene, Jr., et al. “Mobile Communication Device Profound Identity Brokering Framework”, filed Jun. 6, 2013, U.S. Appl. No. 13/912,190.
- Urbanek, Robert E., Subscriber Identity Module Virtualization:, filed Nov. 20, 2013, U.S. Appl. No. 14/085,474.
- Krieger, Michael D., et al., “Billing Varied Service Based on Tier”, filed Nov. 8, 2013, U.S. Appl. No. 14/075,663.
- Paczkowski, Lyle W., et al., “Trusted Display and Transmission of Digital Ticket Documentation”, filed Jan. 24, 2014, U.S. Appl. No. 14/163,047.
- Loman, Clint H., et al., “Verification of Mobile Device Integrity During Activation”, filed Mar. 28, 2014, U.S. Appl. No. 14/229,532.
- Paczkowski, Lyle W., et al., “Network Based Temporary Trust Extension to a Remote or Mobile Device Enabled via Specialized Cloud Services”, filed Jul. 29, 2014, U.S. Appl. No. 14/446,330.
- Cordes, Kevin R., et al., “Digest of Biographical Information for an Electronic Device with Static and Dynamic Portions”, filed Apr. 4, 2013, U.S. Appl. No. 13/857,141.
- Cordes, Kevin R., et al., “Radio Frequency Identity (RFID) Chip Electrically and Communicatively Coupled to Motherboard of Mobile Communication Device”, filed Apr. 4, 2013, U.S. Appl. No. 13/857,139.
- Cordes, Kevin R., et al., “System for Managing a Digest of Biographical Information Stored in a Radio Frequency Identity Chip Coupled to a Mobile Communication Device”, filed Apr. 4, 2013, U.S. Appl. No. 13/857,138.
- Notice of Allowance dated May 27, 2014, U.S. Appl. No. 13/482,731, filed May 29, 2012.
- Advisory Action dated May 29, 2014, U.S. Appl. No. 13/470,203, filed May 11, 2012.
- Final Office Action dated Apr. 10, 2014, U.S. Appl. No. 13/571,348, filed Aug. 10, 2012.
- FAIPP Pre-Interview Communication dated Apr. 3, 2014, U.S. Appl. No. 13/802,383, filed Mar. 13, 2013.
- First Action Interview Office Action dated May 23, 2014, U.S. Appl. No. 13/802,383, filed Mar. 13, 2013.
- Foreign Communication from a Related Counterpart—International Search Report and Written Opinion, dated Apr. 22, 2014, PCT/US13/53617, filed on Aug. 5, 2013.
- Office Action dated Aug. 29, 2014, U.S. Appl. No. 13/470,203, filed May 11, 2012.
- FAIPP Pre-Interview Communication dated Sep. 25, 2014, U.S. Appl. No. 13/533,969, filed Jun. 27, 2012.
- Notice of Allowance dated Oct. 6, 2014, U.S. Appl. No. 13/844,357, filed Mar. 15, 2013.
- FAIPP Pre-Interview Communication dated Nov. 12, 2014, U.S. Appl. No. 13/844,145, filed Mar. 15, 2013.
- Notice of Allowance dated Sep. 19, 2014, U.S. Appl. No. 13/594,778, filed Aug. 25, 2012.
- Final Office Action dated Nov. 7, 2014, U.S. Appl. No. 13/786,450, filed Mar. 5, 2013.
- Notice of Allowance dated Sep. 26, 2014, U.S. Appl. No. 13/831,486, filed Mar. 14, 2013.
- FAIPP Pre-Interview Communication dated Nov. 7, 2014, U.S. Appl. No. 13/802,404, filed Mar. 13, 2013.
- FAIPP Pre-Interview Communication dated Oct. 29, 2014, U.S. Appl. No. 13/844,282, filed Mar. 15, 2013.
- FAIPP Pre-Interview Communication dated Oct. 21, 2014, U.S. Appl. No. 13/844,325, filed Mar. 15, 2013.
- Foreign Communication from a Related Counterpart—International Preliminary Report on Patentability, dated Nov. 20, 2014, PCT/US13/40673, filed on May 10, 2013.
- Perrig, Adrian, et al., “SPINS: Security Protocols for Sensor Networks,” ACM, Sep. 2002, vol. 8, pp. 521-534.
- Clark, CJ., et al. “Anti-tamper JTAG TAP design enables DRM to JTAG registers and P1687 on-chip instruments”, 2010 IEEE, International Symposium on Hardware-Oriented Security and Trust (HOST). Pub. Date: 2010. Relevant pp. 19-24. http://ieeexplore. ieee. org/stamp/stamp.jsp?tp=&arnumber=5513119.
- Lee, Jeremy, et al., “A Low-Cost Solution for Protecting IPs Against Scan-Based Side Channel Attacks,” 24th IEEE VLSI Test Symposium. Pub. Date: 2006. http//ieeexplore. ieee. org/stamp/stamp.jsp?tp=&arnumber= 1617569.
Type: Grant
Filed: Nov 11, 2011
Date of Patent: Mar 24, 2015
Assignee: Sprint Communications Company L.P. (Overland Park, KS)
Inventors: Robin D. Katzer (Olathe, KS), Lyle W. Paczkowski (Mission Hills, KS)
Primary Examiner: Myron K Wyche
Application Number: 13/294,177
International Classification: H04W 12/06 (20090101);